Highlights
This release revamps policy tooling with a concise sbx policy ls, a new sbx policy inspect, and a sbx policy check network command for testing whether the current policy would allow an access request before you run.
Networking gains a SOCKS5 upstream-proxy transport using DOCKER_SANDBOXES_PROXY.
Secrets get a new sbx secret import with clearer env-source visibility.
What's New
Networking & Proxy
- The sandbox proxy can chain upstream egress through a SOCKS5 proxy (
socks5:///socks5h://, with optional auth) viaDOCKER_SANDBOXES_PROXY,HTTP_PROXY, orHTTPS_PROXY. - Add
DOCKER_SANDBOXES_NO_PROXYto exclude destinations fromDOCKER_SANDBOXES_PROXY, using standardNO_PROXYmatching semantics. - Droid OAuth credentials are now proxy-managed: real tokens stay on the host and never land in the sandbox.
- Faster sandbox startup: the TLS-proxy CA is installed by merging into the trust bundle instead of running
update-ca-certificates, saving several hundred milliseconds.
Policy
- Simplify
sbx policy lsand add--wide,--source, and--decisionfilters - Add
sbx policy checkto test whether the current policy would allow an access request - Balanced network preset now allows VS Code domains, Azure Blob Storage (
*.blob.core.windows.net), anddhi.ioover HTTP.
Kits
sbx kit addnow recreates the sandbox container with the augmented kit set instead of injecting at runtime. State is preserved with the re-creation.sbx kit addapplies the added kit's network allow/deny rules and composed policy on the running sandbox.- Re-attaching to a sandbox created from a custom
--kitagent now works withsbx run --name <name>without re-passing--kit. - Kits can inject the user's Docker login token into requests to docker.com hosts via a credential with service
sbx-login.
CLI
sbx rmnow won't delete an active session unless--forceis passed.sbx inspectnow lists the sandbox's kits, injected secrets, and sandbox information.- Added
sbx daemoncommand (start,stop,status,log-level)
Secrets
sbx secret importimports credential env vars into the keychain;sbx secret lsflags env-only and OAuth-shadowed entries. Host env vars no longer auto-inject at runtime — usesbx secret importto migrate.
Runtime & images
- Enable virtiofs caching by default on all operating systems by default for faster filesystem performance (
DOCKER_SANDBOXES_ENABLE_VIRTIOFS_CACHE=0to opt out).
Bug Fixes
- Fix "container not found" errors when copying files with
sbx cpon a sandbox that has had a kit added. - Enforce the one-credential-per-service rule on credential capture paths so a stale API key no longer shadows a newly captured credential.
- Fix
sbx loginfailing with "The specified item already exists in the keychain" when signing back into a previously used account; logout now clears all stored Docker credentials. - Restarted sandboxes keep GitHub access by rehydrating the stored
githubcredential on daemon restart. - Fix a custom kit clearing the proxy's built-in GitHub auth header mapping for the whole daemon until a restart.
- Tunnel plain-HTTP forward traffic (e.g.
apt, port 80) via CONNECT when the upstream proxy only supports CONNECT. - Sandbox egress through an upstream proxy identifies as
sbx-proxyon the CONNECT handshake. - Fix IPv6 policy allow rules using bracket notation (e.g.
[fdcb::1]:22) not matching. - Fix
sbxconnecting to the wrong Docker daemon whenDOCKER_HOSTis set in the environment. - Serialize Docker Hub token refresh across the CLI and daemon so sign-in sessions aren't unexpectedly lost.
Platform support
- Block installation on Windows versions older than Windows 11 (the only currently supported version).